Configuring Samba for seamless access from Windows 8

In my home setup, we have a mix of devices (Windows 8.x, Windows RT, Windows Phone, Linux, Android and iOS). As part of my home server setup, I’ve setup Samba to share folders with the other devices – there are a few subtleties with setting up the Samba shares so you can access them with Windows 8.x and this post details how to deal with them.

With Windows 8.x, you need to setup the machine with a Microsoft account (aka live ID) – this means that the Windows machines in our houses do not all use the same user account. My wife’s machines uses her Microsoft account while mine uses my own and on these devices the primary user id is therefore different. In addition, since Samba authentication works through username/password combination, it means we need to have users and passwords that match the corresponding Microsoft accounts.

To deal with these issues, I picked the following approach:

  • Create one user corresponding to each Microsoft account (aka live ID) on the Linux server. This user will have the same password as the corresponding Microsoft account and will have no login shell so interactive login is not possible.
  • Create one group that contains all these users who’ll be accessing Samba shares – the group will have appropriate permissions for the underlying directories in the Linux server.
  • Change the group and group permissions for the directories that are accessible through Samba

So for e.g., let’s assume there are two Microsoft accounts – [email protected] and [email protected] who will need read/write access to three different shares – \\Server\Documents, \\Server\Pictures and \\Server\Music. Here are the commands to run:

# Create the group of Samba users
sudo addgroup smbusers
# Create the Linux user corresponding to [email protected]
# Note that the username doesn't really matter much - just make sure
# it conforms to all the Linux username restrictions
sudo adduser --shell /bin/false user1smb
# Create the Linux user corresponding to [email protected]
sudo adduser --shell /bin/false user2smb
# Add user1smb to smbusers group
sudo adduser user1smb smbusers
# Add user2smb to smbusers group
sudo adduser user2smb smbusers
# Set password for user1smb to the same as what you use for [email protected]
# to login to Windows
sudo passwd user1smb
# Set password for user2smb to the same as what you use for [email protected]
# to login to Windows
sudo passwd user2smb
# Setup access for the directories that will be shared through samba
# Let's assume /storage/Documents, /storage/Pictures and /storage/Music
# are to be shared through samba for read/write access with [email protected]
# and [email protected]
cd /storage
sudo chgrp -R smbusers Pictures
sudo chgrp -R smbusers Documents
sudo chgrp -R smbusers Music
sudo chmod -R g+rwx Pictures
sudo chmod -R g+rwx Documents
sudo chmod -R g+rwx Music

That sets up the local users and folders to allow access – now we need to setup samba. The only interesting part here is setting up a username map file that maps [email protected] to user1smb and [email protected] to user2smb. Edit /etc/samba/smb.conf and here’s what I’ve changed to enable the shares and access by Windows users:

# Use a username mapping file to allow windows logon to Linux user translation
   username map = /etc/samba/username.map

[Documents]
    comment = Server Documents
    path = /storage/Documents
    browsable = yes
    read only = no
    create mask = 0755
    valid users = +smbusers

[Music]
    comment = Server Music
    path = /storage/Music
    browsable = yes
    read only = no
    create mask = 0755
    valid users = +smbusers

[Pictures]
    comment = Server Pictures
    path = /storage/Pictures
    browsable = yes
    read only = no
    create mask = 0755
    valid users = +smbusers

And finally, here’s the /etc/samba/username.map file to map the Windows usernames to Linux users:

user1smb = [email protected]
user2smb = [email protected]

And with that you should be able to seamlessly access the Linux server’s Samba shares from Windows devices where you’re logged in as [email protected] or [email protected]. One downside here is that you still have to manually change the passwords for user1smb or user2smb whenever you change passwords for [email protected] or [email protected], so that the passwords are in sync.

An alternate approach would be to save Linux user credentials on the Windows devices machines for your Linux server in the control panel/credential manager.

Leave a Reply

Your email address will not be published. Required fields are marked *